author | Robert Craig <rpcraig@tycho.ncsc.mil> | 2013-06-04 10:24:20 -0400 |
---|---|---|
committer | Ricardo Cerqueira <cyanogenmod@cerqueira.org> | 2013-07-18 21:03:13 +0100 |
commit | ba124a9e8368917100dbdf78665975b75c372a34 (patch) | |
tree | beb814d5f58db70c20bdf3d1d12734b2c55cce77 /services | |
parent | 7abdd8838d6a5ced0d5f0554692a79a3d2368f5d (diff) | |
Allow device admin policy to override policy boolean state.
Prior code only allowed a false to true transition for a device
admin policy. This was to ensure that a default true was always
upheld. Reverse this and allow a device admin policy to take over
the setting of all booleans; even those set by the init.rc.
Change-Id: I64ae4d397a8118614c83fa611f0191e2f934dade
Signed-off-by: rpcraig <rpcraig@tycho.ncsc.mil>
Diffstat (limited to 'services')
-rw-r--r-- | services/java/com/android/server/DevicePolicyManagerService.java | 18 |
1 files changed, 8 insertions, 10 deletions
diff --git a/services/java/com/android/server/DevicePolicyManagerService.java b/services/java/com/android/server/DevicePolicyManagerService.java
index df50a5e..911b889 100644
--- a/services/java/com/android/server/DevicePolicyManagerService.java
+++ b/services/java/com/android/server/DevicePolicyManagerService.java
@@ -2715,16 +2715,14 @@ public class DevicePolicyManagerService extends IDevicePolicyManager.Stub {
 for (String sebool : sebools) {
 systemState = SELinux.getBooleanValue(sebool);
 desiredState = selinuxAdmin.sebools.get(sebool);
- if (!firstBoot || !systemState) {
- if (systemState != desiredState) {
- Slog.v(TAG, "SELinux boolean [" + sebool + "] : " + systemState + " -> " + desiredState);
- boolean res = SELinux.setBooleanValue(sebool, desiredState);
- Slog.v(TAG, "SELinux boolean " + sebool + " " + (res ? "succeeded" : "failed"));
- if (res == false) {
- // this really shouldn't ever happen
- resetSELinuxAdmin(selinuxAdmin);
- return false;
- }
+ if (systemState != desiredState) {
+ Slog.v(TAG, "SELinux boolean [" + sebool + "] : " + systemState + " -> " + desiredState);
+ boolean res = SELinux.setBooleanValue(sebool, desiredState);
+ Slog.v(TAG, "SELinux boolean " + sebool + " " + (res ? "succeeded" : "failed"));
+ if (res == false) {
+ // this really shouldn't ever happen
+ resetSELinuxAdmin(selinuxAdmin);
+ return false;
 }
 }
 }
 } |
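Review bot: Both `Slog.v` calls in the new `if (systemState != desiredState)` branch record an SELinux boolean change at verbose level only, which is too quiet now that the `!firstBoot || !systemState` guard is gone and a device admin policy can also turn a default-true boolean off. I would log the transition with `Slog.i(TAG, "SELinux boolean [" + sebool + "] : " + systemState + " -> " + desiredState);` and report a failed `setBooleanValue` with `Slog.w`, so the override and any failure remain visible when verbose logging is filtered out. The `// this really shouldn't ever happen` comment could also note that booleans set earlier in the loop stay changed when the method returns false here. The enclosing method starts and ends outside the hunk, so it is worth checking whether `firstBoot` is still read anywhere; if this was its only use it is now dead. As a style point, `if (res == false)` reads better as `if (!res)`.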